PLEASE help...nasty rootkit malware redirect has disabled MBAM, GMER, a
#1 RealBlasty (New Member, 8 posts)

Machine is running terribly slow... getting redirected to all kinds of spam pages... tried to run Malwarebytes and now it has been disabled by the malware... same thing with GMER and HijackThis. The only thing I haven't tried is ComboFix, which I'm scared to run without someone who knows what they're doing telling me exactly what I need to do. Can someone please help me ASAP? Thank you so much for your time.

Here is my OTL log:

OTL logfile created on: 9/26/2011 8:10:11 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Mike Pizzo\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.04 Mb Total Physical Memory | 386.52 Mb Available Physical Memory | 38.12% Memory free
2.38 Gb Paging File | 1.85 Gb Available in Paging File | 77.71% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 96.90 Gb Total Space | 9.10 Gb Free Space | 9.39% Space Free | Partition Type: NTFS
Drive D: | 13.85 Gb Total Space | 0.99 Gb Free Space | 7.13% Space Free | Partition Type: FAT32

Computer Name: PC139818592325 | User Name: Mike Pizzo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\1925361712:3478076813.exe
PRC - [2011/09/26 19:52:07 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike Pizzo\Desktop\OTL.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/11/19 19:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009/04/10 12:29:08 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/04/01 16:51:34 | 000,801,032 | ---- | M] () -- C:\Documents and Settings\Mike Pizzo\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/03/14 09:51:52 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) -- C:\Program Files\Vongo\VongoService.exe
PRC - [2006/03/14 09:51:44 | 000,073,728 | ---- | M] (Starz) -- C:\Program Files\Vongo\Tray.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/12/23 23:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe
PRC - [2005/09/24 11:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hp\Digital Imaging\bin\hpqimzone.exe


========== Modules (No Company Name) ==========

MOD - [2009/06/03 14:09:37 | 001,291,264 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/04/22 14:56:27 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_c0fed345\mscorlib.dll
MOD - [2009/04/22 14:56:25 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_067338ad\system.drawing.dll
MOD - [2009/04/22 14:56:21 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_4d6d62b7\system.xml.dll
MOD - [2009/04/22 14:56:17 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_4957aa7a\system.windows.forms.dll
MOD - [2009/04/22 14:56:12 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_4b5b6ca2\system.dll
MOD - [2009/04/22 14:56:06 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2009/04/10 12:29:08 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2009/04/06 12:47:16 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Mike Pizzo\.autobahn\libwin32proxyconfig.dll
MOD - [2009/04/01 16:51:34 | 016,907,016 | ---- | M] () -- C:\Documents and Settings\Mike Pizzo\Local Settings\Application Data\Autobahn\bin\4.2.17.MLB_09_58\swarmcast.dll
MOD - [2009/04/01 16:51:34 | 000,801,032 | ---- | M] () -- C:\Documents and Settings\Mike Pizzo\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
MOD - [2008/06/20 12:46:57 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 12:46:57 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/04/11 23:54:12 | 000,167,936 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\common\CLDataSync.dll
MOD - [2006/03/28 08:17:06 | 000,774,144 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
MOD - [2006/03/28 08:17:06 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2006/03/28 08:16:58 | 001,044,480 | ---- | M] () -- c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
MOD - [2006/03/28 08:16:54 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
MOD - [2006/03/28 08:16:52 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2006/03/28 08:16:52 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2006/03/28 08:16:52 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
MOD - [2006/03/28 08:16:50 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2006/03/28 08:16:50 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2006/03/28 08:16:50 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
MOD - [2006/03/28 08:16:50 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll
MOD - [2006/03/28 08:16:50 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
MOD - [2006/03/28 08:16:50 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2006/03/28 08:16:50 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2006/03/28 08:16:48 | 000,512,000 | ---- | M] () -- c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
MOD - [2006/03/28 08:16:48 | 000,368,640 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2006/03/28 08:16:48 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2006/03/28 08:16:48 | 000,073,728 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2006/03/28 08:16:48 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2006/03/28 08:16:48 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
MOD - [2006/03/28 08:16:48 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2006/03/28 08:16:48 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2006/03/28 08:16:48 | 000,014,848 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
MOD - [2006/03/28 08:16:48 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2006/03/28 08:16:48 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2006/03/28 08:16:46 | 000,589,824 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
MOD - [2006/03/28 08:16:46 | 000,385,024 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2006/03/28 08:16:46 | 000,225,280 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2006/03/28 08:16:46 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2006/03/28 08:16:46 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2006/03/28 08:16:46 | 000,020,480 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2006/03/28 07:52:58 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006/03/28 07:52:56 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2006/03/28 07:52:54 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2006/03/28 07:50:54 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2006/03/14 09:51:40 | 000,159,744 | ---- | M] () -- C:\Program Files\Vongo\CaPolMgr.dll
MOD - [2006/03/12 08:07:44 | 000,184,320 | R--- | M] () -- C:\Program Files\Vongo\sqldrivers\qsqlite.dll
MOD - [2006/03/12 08:07:42 | 003,940,352 | ---- | M] () -- C:\Program Files\Vongo\qt-mt335.dll
MOD - [2005/12/23 23:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe
MOD - [2005/08/06 01:01:54 | 000,282,112 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/02/19 20:30:16 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2006/03/14 09:51:52 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) [Auto | Running] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008/05/08 09:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 13:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2006/04/18 06:29:06 | 000,569,856 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/03/14 13:02:54 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/03/02 06:03:32 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/09/20 05:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/09/19 15:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 15:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 15:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/08/22 10:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 10:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/22 10:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/07/17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [2002/07/17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sports.yahoo.com/fantasy
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 07 E4 6F 15 00 EC 48 42 AD 6E 5A 97 9F 50 45 F9 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "pof.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {b7904e91-98d3-40f3-be91-76f7c5410944}:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Mike Pizzo\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Mike Pizzo\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Mike Pizzo\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Mike Pizzo\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mike Pizzo\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mike Pizzo\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Mike Pizzo\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Documents and Settings\Mike Pizzo\Application Data\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2011/09/25 13:45:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/09/25 13:45:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/06 20:32:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/06 20:32:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/04/15 10:25:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/04/15 10:25:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Mike Pizzo\Application Data\Move Networks [2010/03/29 23:35:14 | 000,000,000 | ---D | M]

[2009/04/26 03:46:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike Pizzo\Application Data\Mozilla\Extensions
[2011/09/25 13:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike Pizzo\Application Data\Mozilla\Firefox\Profiles\u4ivvbs4.default\extensions
[2011/07/22 19:45:12 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Mike Pizzo\Application Data\Mozilla\Firefox\Profiles\u4ivvbs4.default\extensions\{b7904e91-98d3-40f3-be91-76f7c5410944}
[2009/09/28 20:46:40 | 000,002,160 | ---- | M] () -- C:\Documents and Settings\Mike Pizzo\Application Data\Mozilla\Firefox\Profiles\u4ivvbs4.default\searchplugins\MySpace.xml
[2011/09/25 13:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/19 17:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/17 05:08:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/03/29 23:35:14 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\MIKE PIZZO\APPLICATION DATA\MOVE NETWORKS
[2009/04/22 17:00:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/07/07 15:09:27 | 000,316,785 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10870 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DW6] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Mike Pizzo\Start Menu\Programs\StartUp\MLB.TV NexDef Plug-in.lnk = C:\Documents and Settings\Mike Pizzo\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe ()
O4 - Startup: C:\Documents and Settings\Mike Pizzo\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (Starz)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8B71E6C-4209-4543-974A-D328857751A8}: DhcpNameServer = 68.87.68.166 68.87.74.166
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike Pizzo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike Pizzo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/26 19:52:03 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike Pizzo\Desktop\OTL.exe
[2011/09/26 19:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/09/25 22:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2011/09/25 22:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/09/25 13:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2011/09/25 13:43:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/09/25 13:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Pizzo\Start Menu\Programs\Unlocker
[2011/09/25 13:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011/09/25 13:29:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/09/25 02:30:34 | 004,227,131 | ---- | C] (Swearware) -- C:\Documents and Settings\Mike Pizzo\Desktop\ComboFix.exe
[2011/09/25 01:55:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/09/24 21:32:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mike Pizzo\Start Menu\Programs\Administrative Tools
[2011/09/24 20:49:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/09/24 20:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/09/24 20:23:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/24 20:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/24 18:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/09/24 18:27:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/24 18:27:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/22 15:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Pizzo\Application Data\vlc
[2011/09/22 15:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Mike Pizzo\Desktop\*.tmp files -> C:\Documents and Settings\Mike Pizzo\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/26 20:05:58 | 000,001,160 | ---- | M] () -- C:\hpqp.ini
[2011/09/26 20:05:52 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2011/09/26 20:05:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1925361712
[2011/09/26 20:05:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/26 20:05:23 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/26 19:52:07 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike Pizzo\Desktop\OTL.exe
[2011/09/26 19:49:02 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3013578041-3076308925-2894320300-1005UA.job
[2011/09/26 19:47:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/25 23:49:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3013578041-3076308925-2894320300-1005Core.job
[2011/09/25 14:42:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\possiblebadfile
[2011/09/25 14:04:38 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/09/25 02:30:49 | 004,227,131 | ---- | M] (Swearware) -- C:\Documents and Settings\Mike Pizzo\Desktop\ComboFix.exe
[2011/09/24 20:25:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Mike Pizzo\Desktop\*.tmp files -> C:\Documents and Settings\Mike Pizzo\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/25 14:50:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1925361712
[2011/09/25 13:45:45 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Default Manager.lnk
[2011/09/25 13:44:24 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk
[2011/09/25 10:26:45 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/24 18:16:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\possiblebadfile
[2010/05/29 16:36:13 | 005,653,224 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/05/29 16:36:13 | 000,015,341 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/04/25 03:50:57 | 000,000,172 | ---- | C] () -- C:\Documents and Settings\Mike Pizzo\Application Data\wklnhst.dat
[2009/12/02 22:12:34 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Mike Pizzo\Local Settings\Application Data\housecall.guid.cache
[2009/05/18 12:00:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/03 06:54:29 | 000,000,391 | ---- | C] () -- C:\WINDOWS\COVERE~1.INI
[2009/04/28 21:29:44 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/26 03:46:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/25 20:29:06 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/04/23 10:20:22 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\Mike Pizzo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/22 12:40:59 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Mike Pizzo\Local Settings\Application Data\fusioncache.dat
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2006/05/11 07:38:45 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/05/11 07:36:22 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/05/11 07:36:22 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/05/11 07:15:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/11 07:07:37 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/03/28 08:51:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/03/28 08:51:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/28 08:18:26 | 000,087,268 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/03/28 08:15:24 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/28 08:12:08 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/28 07:56:42 | 000,394,542 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/28 07:56:42 | 000,056,968 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/28 07:48:30 | 000,374,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/03/28 07:43:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/03/28 07:39:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/12/02 13:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/06 01:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 10:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 10:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/13 14:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2002/05/28 16:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 16:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2009/04/22 12:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009/06/01 23:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks(2)
[2009/04/23 20:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/17 18:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/04/28 02:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Pizzo\Application Data\acccore
[2011/09/24 20:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Pizzo\Application Data\Azureus
[2010/05/31 22:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Pizzo\Application Data\dBpoweramp
[2010/12/24 01:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Pizzo\Application Data\Electronic Arts
[2010/04/25 03:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Pizzo\Application Data\Template

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 784 bytes -> C:\WINDOWS\possiblebadfile:3478076813.exe
@Alternate Data Stream - 784 bytes -> C:\WINDOWS\1925361712:3478076813.exe
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6971CCC5

< End of report >
  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
This is the ZeroAccess Rootkit.

Let's see what happens with Combofix:

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it.

Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.


On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply

Ron
  • 0
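As an added illustration for this thread (not OTL's code and not from Ron's post), a small Python parser that reads OTL's file and Alternate Data Stream sections and flags the pattern behind the ZeroAccess call above: an executable-looking stream attached to a zero-byte host file under the Windows directory. The sample lines are copied from the OTL log in post #1; the three warning signs are assumed heuristics, not OTL's own rules.

```python
"""
Flag the alternate-data-stream (ADS) pattern from the OTL log in this thread:
an executable stream attached to a zero-byte host file under the Windows
directory.  Added illustration only; the heuristics are assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# OTL "Files - Created/Modified" entry, e.g.
#   [2011/09/26 20:05:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1925361712
# The attribute field is four characters; 'D' in the last position marks a directory.
FILE_RE = re.compile(
    r"^\[(?P<stamp>[\d/ :]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [CM]\] "
    r"(?:\([^)]*\) )?-- (?P<path>.+)$"
)
# OTL ADS entry, e.g.
#   @Alternate Data Stream - 784 bytes -> C:\WINDOWS\possiblebadfile:3478076813.exe
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> "
    r"(?P<host>[A-Za-z]:\\[^:\r\n]*):(?P<stream>[^\r\n]+)$"
)
EXEC_SUFFIXES = (".exe", ".dll", ".sys")


@dataclass
class FileEntry:
    size: int
    is_dir: bool


@dataclass
class AdsFinding:
    host: str
    stream: str
    stream_bytes: int
    host_bytes: Optional[int]
    reasons: List[str] = field(default_factory=list)


def parse_file_entries(log: str) -> Dict[str, FileEntry]:
    """Index every OTL file/folder entry by lower-cased path."""
    entries: Dict[str, FileEntry] = {}
    for raw in log.splitlines():
        m = FILE_RE.match(raw.strip())
        if m:
            size = int(m.group("size").replace(",", ""))
            entries[m.group("path").lower()] = FileEntry(size, m.group("attrs")[3] == "D")
    return entries


def find_suspicious_ads(log: str) -> List[AdsFinding]:
    """Return ADS entries that show at least one of the assumed warning signs."""
    entries = parse_file_entries(log)
    findings: List[AdsFinding] = []
    for raw in log.splitlines():
        m = ADS_RE.match(raw.strip())
        if not m:
            continue
        host, stream = m.group("host"), m.group("stream")
        entry = entries.get(host.lower())
        finding = AdsFinding(host, stream, int(m.group("size")),
                             entry.size if entry else None)
        if stream.lower().endswith(EXEC_SUFFIXES):
            finding.reasons.append("stream name looks like an executable")
        if host.lower().startswith("c:\\windows\\"):
            finding.reasons.append("host file lives under the Windows directory")
        # A directory is naturally listed as 0 bytes; only a zero-byte *file*
        # suggests the host exists solely to carry the stream.
        if entry is not None and not entry.is_dir and entry.size == 0:
            finding.reasons.append("host file is zero bytes")
        if finding.reasons:
            findings.append(finding)
    return findings


# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_OTL = r"""
========== Files - Modified Within 30 Days ==========

[2011/09/26 20:05:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1925361712
[2011/09/26 19:52:07 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike Pizzo\Desktop\OTL.exe
[2011/09/25 14:42:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\possiblebadfile
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== LOP Check ==========

[2009/04/23 20:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

========== Alternate Data Streams ==========

@Alternate Data Stream - 784 bytes -> C:\WINDOWS\possiblebadfile:3478076813.exe
@Alternate Data Stream - 784 bytes -> C:\WINDOWS\1925361712:3478076813.exe
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6971CCC5
"""

if __name__ == "__main__":
    for f in find_suspicious_ads(SAMPLE_OTL):
        print(f"{f.host}:{f.stream} ({f.stream_bytes} bytes in stream, host {f.host_bytes} bytes)")
        for r in f.reasons:
            print("   -", r)
```

The directory-backed stream on the TEMP folder gets no flags, which is why the size check looks at the attribute field rather than the size alone.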

#3
RealBlasty

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OK...one note...when running ComboFix a couple of popups appeared telling me to run chkdsk because I had a corrupt file....wasn't sure if this was part of ComboFix or the malware trying to mislead me, so I didn't touch anything. All 3 logs are presented below...Also, you asked if the Fix button was enabled after the aswMBR scan and it was not..... here's the ComboFix log:


ComboFix 11-09-24.04 - Mike Pizzo 09/26/2011 21:34:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.679 [GMT -5:00]
Running from: c:\documents and settings\Mike Pizzo\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.a935d1e0.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\IEActivex.exe.cccdbce.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL168.tmp.161eca5c.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL52E.tmp.6a5b291.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL8D.tmp.82d0ca15.ini
c:\documents and settings\All Users\Start Menu\Programs\System Recovery
c:\documents and settings\All Users\Start Menu\Programs\System Recovery\Application & Driver Recovery.lnk
c:\documents and settings\All Users\Start Menu\Programs\System Recovery\PC Recovery Disc Creator.lnk
c:\documents and settings\All Users\Start Menu\Programs\System Recovery\PC Recovery.lnk
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.a935d1e0.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\IEActivex.exe.cccdbce.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\SL168.tmp.161eca5c.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\SL52E.tmp.6a5b291.ini
c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory\SL8D.tmp.82d0ca15.ini
c:\documents and settings\Mike Pizzo\Application Data\Mozilla\Firefox\Profiles\u4ivvbs4.default\extensions\{b7904e91-98d3-40f3-be91-76f7c5410944}
c:\documents and settings\Mike Pizzo\Application Data\Mozilla\Firefox\Profiles\u4ivvbs4.default\extensions\{b7904e91-98d3-40f3-be91-76f7c5410944}\chrome.manifest
c:\documents and settings\Mike Pizzo\Application Data\Mozilla\Firefox\Profiles\u4ivvbs4.default\extensions\{b7904e91-98d3-40f3-be91-76f7c5410944}\chrome\xulcache.jar
c:\documents and settings\Mike Pizzo\Application Data\Mozilla\Firefox\Profiles\u4ivvbs4.default\extensions\{b7904e91-98d3-40f3-be91-76f7c5410944}\defaults\preferences\xulcache.js
c:\documents and settings\Mike Pizzo\Application Data\Mozilla\Firefox\Profiles\u4ivvbs4.default\extensions\{b7904e91-98d3-40f3-be91-76f7c5410944}\install.rdf
c:\documents and settings\Mike Pizzo\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Mike Pizzo\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\Mike Pizzo\Local Settings\Application Data\ApplicationHistory\ehExtHost.exe.fa7bea74.ini
c:\documents and settings\Mike Pizzo\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini
c:\documents and settings\Mike Pizzo\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini
c:\documents and settings\Mike Pizzo\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse
c:\documents and settings\Mike Pizzo\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.a935d1e0.ini
c:\documents and settings\Mike Pizzo\Local Settings\Application Data\ApplicationHistory\IEActivex.exe.cccdbce.ini
c:\documents and settings\Mike Pizzo\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Mike Pizzo\Local Settings\Application Data\ApplicationHistory\regasm.exe.11f1da13.ini
c:\documents and settings\Mike Pizzo\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini
c:\documents and settings\Mike Pizzo\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini
c:\documents and settings\Mike Pizzo\Local Settings\Application Data\ApplicationHistory\SL168.tmp.161eca5c.ini
c:\documents and settings\Mike Pizzo\Local Settings\Application Data\ApplicationHistory\SL52E.tmp.6a5b291.ini
c:\documents and settings\Mike Pizzo\Local Settings\Application Data\ApplicationHistory\SL8D.tmp.82d0ca15.ini
c:\windows\$NtUninstallKB3389$
c:\windows\$NtUninstallKB3389$\3307009298
c:\windows\$NtUninstallKB3389$\816890482\@
c:\windows\$NtUninstallKB3389$\816890482\bckfg.tmp
c:\windows\$NtUninstallKB3389$\816890482\cfg.ini
c:\windows\$NtUninstallKB3389$\816890482\Desktop.ini
c:\windows\$NtUninstallKB3389$\816890482\keywords
c:\windows\$NtUninstallKB3389$\816890482\kwrd.dll
c:\windows\$NtUninstallKB3389$\816890482\L\pzofaiii
c:\windows\$NtUninstallKB3389$\816890482\lsflt7.ver
c:\windows\$NtUninstallKB3389$\816890482\U\[email protected]
c:\windows\$NtUninstallKB3389$\816890482\U\[email protected]
c:\windows\$NtUninstallKB3389$\816890482\U\[email protected]
c:\windows\$NtUninstallKB3389$\816890482\U\[email protected]
c:\windows\system32\d3d9caps.dat
.
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\cdrom.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_30b0c272
.
.
((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))
.
.
2011-09-26 03:29 . 2011-09-26 03:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2011-09-25 18:45 . 2011-09-25 18:45 -------- d-----w- c:\program files\MSN Toolbar
2011-09-25 18:41 . 2011-09-25 18:41 -------- d-----w- c:\program files\Unlocker
2011-09-25 18:29 . 2011-09-25 18:29 -------- d--h--w- c:\windows\PIF
2011-09-25 01:24 . 2011-09-25 01:24 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-25 01:23 . 2011-09-25 01:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-22 20:19 . 2011-09-25 01:23 -------- d-----w- c:\documents and settings\Mike Pizzo\Application Data\vlc
2011-09-22 20:17 . 2011-09-22 20:17 -------- d-----w- c:\program files\VideoLAN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-23 00:27 . 2011-07-23 00:27 802304 ----a-w- c:\windows\system32\audiodev32.exe
2011-07-07 00:52 . 2010-02-16 22:51 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2010-02-16 22:51 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-01 11:34 . 2011-05-31 05:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-20 583016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-09-29 9347072]
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-3-14 73728]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-3-14 73728]
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-3-14 73728]
.
c:\documents and settings\Mike Pizzo\Start Menu\Programs\Startup\
MLB.TV NexDef Plug-in.lnk - c:\documents and settings\Mike Pizzo\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe [2009-4-1 801032]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-3-14 73728]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-3-14 73728]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Mike Pizzo\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/16/2010 5:51 PM 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/16/2010 5:51 PM 22712]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [4/23/2009 8:45 PM 16512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3013578041-3076308925-2894320300-1005Core.job
- c:\documents and settings\Mike Pizzo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-13 05:29]
.
2011-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3013578041-3076308925-2894320300-1005UA.job
- c:\documents and settings\Mike Pizzo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-13 05:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sports.yahoo.com/fantasy
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
FF - ProfilePath - c:\documents and settings\Mike Pizzo\Application Data\Mozilla\Firefox\Profiles\u4ivvbs4.default\
FF - prefs.js: browser.startup.homepage - pof.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Mike Pizzo\Application Data\Move Networks
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DW6 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-26 21:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? [email protected][email protected]? ??? R??????([email protected][email protected]
.
scanning hidden files ...
.
.
c:\windows\possiblebadfile:3478076813.exe 784 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2248)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msdtc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Vongo\VongoService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2011-09-26 22:01:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-27 03:01
.
Pre-Run: 9,754,312,704 bytes free
Post-Run: 10,073,808,896 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 57C75E5F6219B815B3B62D76CC3FE2C7

here's the TDSSKiller log:


22:05:21.0546 2256 TDSS rootkit removing tool 2.6.1.0 Sep 26 2011 09:21:32
22:05:21.0906 2256 ============================================================
22:05:21.0906 2256 Current date / time: 2011/09/26 22:05:21.0906
22:05:21.0906 2256 SystemInfo:
22:05:21.0906 2256
22:05:21.0906 2256 OS Version: 5.1.2600 ServicePack: 3.0
22:05:21.0906 2256 Product type: Workstation
22:05:21.0906 2256 ComputerName: PC139818592325
22:05:21.0906 2256 UserName: Mike Pizzo
22:05:21.0906 2256 Windows directory: C:\WINDOWS
22:05:21.0906 2256 System windows directory: C:\WINDOWS
22:05:21.0906 2256 Processor architecture: Intel x86
22:05:21.0906 2256 Number of processors: 2
22:05:21.0906 2256 Page size: 0x1000
22:05:21.0906 2256 Boot type: Normal boot
22:05:21.0906 2256 ============================================================
22:05:22.0171 2256 Initialize success
22:05:24.0109 3100 ============================================================
22:05:24.0109 3100 Scan started
22:05:24.0109 3100 Mode: Manual;
22:05:24.0109 3100 ============================================================
22:05:25.0265 3100 Abiosdsk - ok
22:05:25.0328 3100 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:05:25.0328 3100 abp480n5 - ok
22:05:25.0406 3100 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:05:25.0406 3100 ACPI - ok
22:05:25.0437 3100 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:05:25.0437 3100 ACPIEC - ok
22:05:25.0468 3100 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:05:25.0484 3100 adpu160m - ok
22:05:25.0515 3100 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:05:25.0515 3100 aec - ok
22:05:25.0562 3100 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
22:05:25.0562 3100 AFD - ok
22:05:25.0593 3100 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:05:25.0593 3100 agp440 - ok
22:05:25.0750 3100 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:05:25.0750 3100 agpCPQ - ok
22:05:25.0812 3100 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:05:25.0812 3100 Aha154x - ok
22:05:25.0859 3100 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:05:25.0859 3100 aic78u2 - ok
22:05:25.0890 3100 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:05:25.0890 3100 aic78xx - ok
22:05:25.0937 3100 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:05:25.0937 3100 AliIde - ok
22:05:25.0984 3100 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:05:25.0984 3100 alim1541 - ok
22:05:26.0031 3100 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:05:26.0031 3100 amdagp - ok
22:05:26.0046 3100 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
22:05:26.0046 3100 amsint - ok
22:05:26.0125 3100 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:05:26.0140 3100 Arp1394 - ok
22:05:26.0203 3100 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
22:05:26.0203 3100 asc - ok
22:05:26.0234 3100 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:05:26.0234 3100 asc3350p - ok
22:05:26.0265 3100 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:05:26.0265 3100 asc3550 - ok
22:05:26.0343 3100 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
22:05:26.0343 3100 ASPI - ok
22:05:26.0390 3100 ASPI32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\ASPI32.sys
22:05:26.0390 3100 ASPI32 - ok
22:05:26.0437 3100 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:05:26.0437 3100 AsyncMac - ok
22:05:26.0468 3100 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:05:26.0468 3100 atapi - ok
22:05:26.0500 3100 Atdisk - ok
22:05:26.0546 3100 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:05:26.0562 3100 Atmarpc - ok
22:05:26.0656 3100 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:05:26.0656 3100 audstub - ok
22:05:26.0781 3100 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:05:26.0781 3100 Beep - ok
22:05:26.0843 3100 BTWUSB (7024e11dab9410b31a37547575249dd7) C:\WINDOWS\system32\Drivers\btwusb.sys
22:05:26.0843 3100 BTWUSB - ok
22:05:26.0843 3100 catchme - ok
22:05:26.0859 3100 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:05:26.0859 3100 cbidf - ok
22:05:26.0875 3100 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:05:26.0890 3100 cbidf2k - ok
22:05:26.0906 3100 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:05:26.0906 3100 cd20xrnt - ok
22:05:26.0921 3100 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:05:26.0921 3100 Cdaudio - ok
22:05:27.0000 3100 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:05:27.0000 3100 Cdfs - ok
22:05:27.0031 3100 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:05:27.0046 3100 Cdrom - ok
22:05:27.0062 3100 Changer - ok
22:05:27.0109 3100 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:05:27.0109 3100 CmBatt - ok
22:05:27.0156 3100 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
22:05:27.0156 3100 CmdIde - ok
22:05:27.0171 3100 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:05:27.0171 3100 Compbatt - ok
22:05:27.0203 3100 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:05:27.0203 3100 Cpqarray - ok
22:05:27.0265 3100 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:05:27.0265 3100 dac2w2k - ok
22:05:27.0359 3100 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:05:27.0359 3100 dac960nt - ok
22:05:27.0421 3100 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:05:27.0421 3100 Disk - ok
22:05:27.0500 3100 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:05:27.0562 3100 dmboot - ok
22:05:27.0656 3100 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:05:27.0671 3100 dmio - ok
22:05:27.0687 3100 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:05:27.0687 3100 dmload - ok
22:05:27.0718 3100 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:05:27.0718 3100 DMusic - ok
22:05:27.0781 3100 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:05:27.0781 3100 dpti2o - ok
22:05:27.0796 3100 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:05:27.0796 3100 drmkaud - ok
22:05:27.0859 3100 E100B (6ca101f9aa3d845ba31f6e13c01301a8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:05:27.0859 3100 E100B - ok
22:05:27.0890 3100 eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
22:05:27.0890 3100 eabfiltr - ok
22:05:27.0984 3100 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
22:05:27.0984 3100 eabusb - ok
22:05:28.0031 3100 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:05:28.0031 3100 Fastfat - ok
22:05:28.0078 3100 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:05:28.0078 3100 Fdc - ok
22:05:28.0125 3100 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:05:28.0140 3100 Fips - ok
22:05:28.0171 3100 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:05:28.0171 3100 Flpydisk - ok
22:05:28.0203 3100 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:05:28.0203 3100 FltMgr - ok
22:05:28.0218 3100 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:05:28.0218 3100 Fs_Rec - ok
22:05:28.0234 3100 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:05:28.0250 3100 Ftdisk - ok
22:05:28.0265 3100 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:05:28.0281 3100 Gpc - ok
22:05:28.0343 3100 HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
22:05:28.0343 3100 HBtnKey - ok
22:05:28.0390 3100 HdAudAddService (bb42bb78bbbc1e83292ef26973598daf) C:\WINDOWS\system32\drivers\CHDAud.sys
22:05:28.0421 3100 HdAudAddService - ok
22:05:28.0515 3100 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:05:28.0515 3100 HDAudBus - ok
22:05:28.0593 3100 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:05:28.0609 3100 HidUsb - ok
22:05:28.0703 3100 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
22:05:28.0703 3100 hpn - ok
22:05:28.0781 3100 HSFHWAZL (89e256c5f5346be265d9f86ac8625d4f) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
22:05:28.0781 3100 HSFHWAZL - ok
22:05:28.0921 3100 HSF_DPV (0e44af3828111d4c3e73c33ac95226d8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
22:05:28.0968 3100 HSF_DPV - ok
22:05:29.0046 3100 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
22:05:29.0062 3100 HTTP - ok
22:05:29.0140 3100 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
22:05:29.0156 3100 i2omgmt - ok
22:05:29.0218 3100 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:05:29.0218 3100 i2omp - ok
22:05:29.0250 3100 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:05:29.0250 3100 i8042prt - ok
22:05:29.0375 3100 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
22:05:29.0421 3100 ialm - ok
22:05:29.0500 3100 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
22:05:29.0515 3100 iaStor - ok
22:05:29.0546 3100 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:05:29.0562 3100 Imapi - ok
22:05:29.0609 3100 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:05:29.0609 3100 ini910u - ok
22:05:29.0625 3100 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:05:29.0640 3100 IntelIde - ok
22:05:29.0671 3100 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:05:29.0671 3100 intelppm - ok
22:05:29.0687 3100 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:05:29.0687 3100 Ip6Fw - ok
22:05:29.0734 3100 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:05:29.0750 3100 IpFilterDriver - ok
22:05:29.0796 3100 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:05:29.0796 3100 IpInIp - ok
22:05:29.0890 3100 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:05:29.0890 3100 IpNat - ok
22:05:29.0906 3100 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:05:29.0906 3100 IPSec - ok
22:05:29.0953 3100 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:05:29.0953 3100 IRENUM - ok
22:05:30.0000 3100 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:05:30.0000 3100 isapnp - ok
22:05:30.0062 3100 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:05:30.0062 3100 Kbdclass - ok
22:05:30.0093 3100 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:05:30.0093 3100 kbdhid - ok
22:05:30.0156 3100 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:05:30.0156 3100 kmixer - ok
22:05:30.0187 3100 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:05:30.0203 3100 KSecDD - ok
22:05:30.0218 3100 lbrtfdc - ok
22:05:30.0265 3100 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
22:05:30.0265 3100 MBAMProtector - ok
22:05:30.0375 3100 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:05:30.0375 3100 mdmxsdk - ok
22:05:30.0453 3100 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
22:05:30.0453 3100 MHNDRV - ok
22:05:30.0546 3100 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:05:30.0546 3100 mnmdd - ok
22:05:30.0656 3100 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:05:30.0656 3100 Modem - ok
22:05:30.0703 3100 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:05:30.0703 3100 Mouclass - ok
22:05:30.0718 3100 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:05:30.0718 3100 MountMgr - ok
22:05:30.0750 3100 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys
22:05:30.0750 3100 MQAC - ok
22:05:30.0812 3100 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:05:30.0812 3100 mraid35x - ok
22:05:30.0859 3100 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:05:30.0859 3100 MRxDAV - ok
22:05:30.0953 3100 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:05:30.0953 3100 MRxSmb - ok
22:05:30.0984 3100 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:05:30.0984 3100 Msfs - ok
22:05:31.0015 3100 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:05:31.0015 3100 MSKSSRV - ok
22:05:31.0046 3100 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:05:31.0046 3100 MSPCLOCK - ok
22:05:31.0078 3100 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:05:31.0078 3100 MSPQM - ok
22:05:31.0109 3100 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:05:31.0109 3100 mssmbios - ok
22:05:31.0125 3100 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
22:05:31.0125 3100 Mup - ok
22:05:31.0187 3100 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:05:31.0187 3100 NDIS - ok
22:05:31.0265 3100 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:05:31.0265 3100 NdisTapi - ok
22:05:31.0281 3100 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:05:31.0296 3100 Ndisuio - ok
22:05:31.0359 3100 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:05:31.0359 3100 NdisWan - ok
22:05:31.0406 3100 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
22:05:31.0406 3100 NDProxy - ok
22:05:31.0437 3100 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:05:31.0437 3100 NetBIOS - ok
22:05:31.0484 3100 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:05:31.0500 3100 NetBT - ok
22:05:31.0546 3100 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:05:31.0546 3100 NIC1394 - ok
22:05:31.0578 3100 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:05:31.0578 3100 Npfs - ok
22:05:31.0625 3100 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:05:31.0640 3100 Ntfs - ok
22:05:31.0703 3100 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:05:31.0703 3100 Null - ok
22:05:31.0718 3100 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:05:31.0718 3100 NwlnkFlt - ok
22:05:31.0781 3100 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:05:31.0781 3100 NwlnkFwd - ok
22:05:31.0828 3100 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:05:31.0828 3100 ohci1394 - ok
22:05:31.0937 3100 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
22:05:31.0937 3100 Parport - ok
22:05:31.0953 3100 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:05:31.0968 3100 PartMgr - ok
22:05:32.0000 3100 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:05:32.0000 3100 ParVdm - ok
22:05:32.0015 3100 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:05:32.0015 3100 PCI - ok
22:05:32.0031 3100 PCIDump - ok
22:05:32.0046 3100 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:05:32.0046 3100 PCIIde - ok
22:05:32.0062 3100 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:05:32.0078 3100 Pcmcia - ok
22:05:32.0078 3100 PDCOMP - ok
22:05:32.0093 3100 PDFRAME - ok
22:05:32.0109 3100 PDRELI - ok
22:05:32.0125 3100 PDRFRAME - ok
22:05:32.0156 3100 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
22:05:32.0156 3100 perc2 - ok
22:05:32.0171 3100 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:05:32.0171 3100 perc2hib - ok
22:05:32.0250 3100 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:05:32.0250 3100 PptpMiniport - ok
22:05:32.0265 3100 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:05:32.0265 3100 PSched - ok
22:05:32.0281 3100 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:05:32.0296 3100 Ptilink - ok
22:05:32.0312 3100 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:05:32.0312 3100 PxHelp20 - ok
22:05:32.0328 3100 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:05:32.0343 3100 ql1080 - ok
22:05:32.0343 3100 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:05:32.0359 3100 Ql10wnt - ok
22:05:32.0375 3100 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:05:32.0375 3100 ql12160 - ok
22:05:32.0390 3100 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:05:32.0390 3100 ql1240 - ok
22:05:32.0406 3100 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:05:32.0406 3100 ql1280 - ok
22:05:32.0421 3100 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:05:32.0421 3100 RasAcd - ok
22:05:32.0468 3100 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:05:32.0468 3100 Rasl2tp - ok
22:05:32.0484 3100 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:05:32.0484 3100 RasPppoe - ok
22:05:32.0500 3100 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:05:32.0500 3100 Raspti - ok
22:05:32.0531 3100 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:05:32.0546 3100 Rdbss - ok
22:05:32.0546 3100 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:05:32.0562 3100 RDPCDD - ok
22:05:32.0578 3100 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:05:32.0593 3100 rdpdr - ok
22:05:32.0625 3100 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
22:05:32.0625 3100 RDPWD - ok
22:05:32.0640 3100 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:05:32.0656 3100 redbook - ok
22:05:32.0750 3100 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
22:05:32.0765 3100 RMCAST - ok
22:05:32.0875 3100 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
22:05:32.0875 3100 rtl8139 - ok
22:05:32.0968 3100 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
22:05:32.0968 3100 sdbus - ok
22:05:33.0046 3100 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:05:33.0046 3100 Secdrv - ok
22:05:33.0093 3100 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
22:05:33.0093 3100 Serial - ok
22:05:33.0140 3100 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:05:33.0140 3100 Sfloppy - ok
22:05:33.0156 3100 Simbad - ok
22:05:33.0187 3100 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:05:33.0187 3100 sisagp - ok
22:05:33.0250 3100 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:05:33.0265 3100 Sparrow - ok
22:05:33.0296 3100 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:05:33.0312 3100 splitter - ok
22:05:33.0328 3100 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:05:33.0328 3100 sr - ok
22:05:33.0375 3100 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
22:05:33.0390 3100 Srv - ok
22:05:33.0437 3100 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:05:33.0437 3100 swenum - ok
22:05:33.0453 3100 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:05:33.0453 3100 swmidi - ok
22:05:33.0484 3100 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
22:05:33.0484 3100 symc810 - ok
22:05:33.0500 3100 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:05:33.0500 3100 symc8xx - ok
22:05:33.0515 3100 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:05:33.0515 3100 sym_hi - ok
22:05:33.0546 3100 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:05:33.0546 3100 sym_u3 - ok
22:05:33.0593 3100 SynTP (c9a1785cc0d7a040dd0fdbfeaa8be135) C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:05:33.0609 3100 SynTP - ok
22:05:33.0734 3100 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:05:33.0734 3100 sysaudio - ok
22:05:33.0812 3100 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:05:33.0828 3100 Tcpip - ok
22:05:33.0875 3100 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:05:33.0875 3100 TDPIPE - ok
22:05:33.0953 3100 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:05:33.0953 3100 TDTCP - ok
22:05:34.0000 3100 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:05:34.0000 3100 TermDD - ok
22:05:34.0109 3100 tifm21 (9179e07503630d6fb2e4162ff0196191) C:\WINDOWS\system32\drivers\tifm21.sys
22:05:34.0109 3100 tifm21 - ok
22:05:34.0140 3100 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
22:05:34.0140 3100 TosIde - ok
22:05:34.0171 3100 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:05:34.0171 3100 Udfs - ok
22:05:34.0187 3100 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
22:05:34.0187 3100 ultra - ok
22:05:34.0250 3100 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:05:34.0265 3100 Update - ok
22:05:34.0312 3100 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:05:34.0328 3100 usbccgp - ok
22:05:34.0343 3100 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:05:34.0359 3100 usbehci - ok
22:05:34.0406 3100 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:05:34.0421 3100 usbhub - ok
22:05:34.0484 3100 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:05:34.0484 3100 usbprint - ok
22:05:34.0593 3100 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:05:34.0593 3100 USBSTOR - ok
22:05:34.0625 3100 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:05:34.0625 3100 usbuhci - ok
22:05:34.0625 3100 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:05:34.0640 3100 VgaSave - ok
22:05:34.0671 3100 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:05:34.0671 3100 viaagp - ok
22:05:34.0687 3100 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:05:34.0687 3100 ViaIde - ok
22:05:34.0703 3100 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:05:34.0703 3100 VolSnap - ok
22:05:34.0781 3100 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\WINDOWS\system32\DRIVERS\w39n51.sys
22:05:34.0843 3100 w39n51 - ok
22:05:34.0875 3100 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:05:34.0875 3100 Wanarp - ok
22:05:34.0890 3100 WDICA - ok
22:05:34.0937 3100 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:05:34.0937 3100 wdmaud - ok
22:05:35.0000 3100 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:05:35.0031 3100 winachsf - ok
22:05:35.0203 3100 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:05:35.0218 3100 WmiAcpi - ok
22:05:35.0296 3100 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
22:05:35.0296 3100 WpdUsb - ok
22:05:35.0343 3100 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:05:35.0343 3100 WudfPf - ok
22:05:35.0390 3100 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:05:35.0390 3100 WudfRd - ok
22:05:35.0437 3100 MBR (0x1B8) (5ae5a393505cffd37fe98c4a7922908d) \Device\Harddisk0\DR0
22:05:35.0437 3100 \Device\Harddisk0\DR0 - ok
22:05:35.0437 3100 Boot (0x1200) (53926d7c71b43117a9f968a24f5fba0d) \Device\Harddisk0\DR0\Partition0
22:05:35.0437 3100 \Device\Harddisk0\DR0\Partition0 - ok
22:05:35.0484 3100 Boot (0x1200) (9d30dc68a9a6239fda2912fdb8e6ce1c) \Device\Harddisk0\DR0\Partition1
22:05:35.0484 3100 \Device\Harddisk0\DR0\Partition1 - ok
22:05:35.0484 3100 ============================================================
22:05:35.0484 3100 Scan finished
22:05:35.0484 3100 ============================================================
22:05:35.0500 3928 Detected object count: 0
22:05:35.0500 3928 Actual detected object count: 0
22:06:07.0125 3384 ============================================================
22:06:07.0125 3384 Scan started
22:06:07.0125 3384 Mode: Manual;
22:06:07.0125 3384 ============================================================
22:06:07.0375 3384 Abiosdsk - ok
22:06:07.0421 3384 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:06:07.0421 3384 abp480n5 - ok
22:06:07.0484 3384 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:06:07.0484 3384 ACPI - ok
22:06:07.0515 3384 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:06:07.0515 3384 ACPIEC - ok
22:06:07.0546 3384 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:06:07.0546 3384 adpu160m - ok
22:06:07.0562 3384 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:06:07.0562 3384 aec - ok
22:06:07.0609 3384 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
22:06:07.0625 3384 AFD - ok
22:06:07.0656 3384 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:06:07.0656 3384 agp440 - ok
22:06:07.0671 3384 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:06:07.0671 3384 agpCPQ - ok
22:06:07.0765 3384 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:06:07.0765 3384 Aha154x - ok
22:06:07.0796 3384 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:06:07.0796 3384 aic78u2 - ok
22:06:07.0828 3384 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:06:07.0828 3384 aic78xx - ok
22:06:07.0875 3384 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:06:07.0875 3384 AliIde - ok
22:06:07.0937 3384 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:06:07.0937 3384 alim1541 - ok
22:06:07.0984 3384 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:06:07.0984 3384 amdagp - ok
22:06:08.0000 3384 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
22:06:08.0000 3384 amsint - ok
22:06:08.0062 3384 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:06:08.0062 3384 Arp1394 - ok
22:06:08.0078 3384 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
22:06:08.0078 3384 asc - ok
22:06:08.0093 3384 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:06:08.0093 3384 asc3350p - ok
22:06:08.0109 3384 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:06:08.0109 3384 asc3550 - ok
22:06:08.0156 3384 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
22:06:08.0156 3384 ASPI - ok
22:06:08.0218 3384 ASPI32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\ASPI32.sys
22:06:08.0234 3384 ASPI32 - ok
22:06:08.0281 3384 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:06:08.0281 3384 AsyncMac - ok
22:06:08.0312 3384 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:06:08.0312 3384 atapi - ok
22:06:08.0343 3384 Atdisk - ok
22:06:08.0421 3384 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:06:08.0421 3384 Atmarpc - ok
22:06:08.0468 3384 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:06:08.0468 3384 audstub - ok
22:06:08.0515 3384 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:06:08.0515 3384 Beep - ok
22:06:08.0625 3384 BTWUSB (7024e11dab9410b31a37547575249dd7) C:\WINDOWS\system32\Drivers\btwusb.sys
22:06:08.0625 3384 BTWUSB - ok
22:06:08.0625 3384 catchme - ok
22:06:08.0640 3384 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:06:08.0640 3384 cbidf - ok
22:06:08.0656 3384 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:06:08.0656 3384 cbidf2k - ok
22:06:08.0671 3384 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:06:08.0671 3384 cd20xrnt - ok
22:06:08.0687 3384 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:06:08.0687 3384 Cdaudio - ok
22:06:08.0734 3384 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:06:08.0734 3384 Cdfs - ok
22:06:08.0781 3384 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:06:08.0781 3384 Cdrom - ok
22:06:08.0796 3384 Changer - ok
22:06:08.0828 3384 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:06:08.0828 3384 CmBatt - ok
22:06:08.0875 3384 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
22:06:08.0875 3384 CmdIde - ok
22:06:08.0890 3384 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:06:08.0890 3384 Compbatt - ok
22:06:08.0906 3384 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:06:08.0906 3384 Cpqarray - ok
22:06:08.0968 3384 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:06:08.0968 3384 dac2w2k - ok
22:06:08.0984 3384 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:06:08.0984 3384 dac960nt - ok
22:06:09.0000 3384 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:06:09.0000 3384 Disk - ok
22:06:09.0062 3384 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:06:09.0078 3384 dmboot - ok
22:06:09.0171 3384 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:06:09.0171 3384 dmio - ok
22:06:09.0203 3384 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:06:09.0203 3384 dmload - ok
22:06:09.0265 3384 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:06:09.0265 3384 DMusic - ok
22:06:09.0312 3384 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:06:09.0312 3384 dpti2o - ok
22:06:09.0312 3384 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:06:09.0312 3384 drmkaud - ok
22:06:09.0359 3384 E100B (6ca101f9aa3d845ba31f6e13c01301a8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:06:09.0359 3384 E100B - ok
22:06:09.0390 3384 eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
22:06:09.0390 3384 eabfiltr - ok
22:06:09.0437 3384 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
22:06:09.0437 3384 eabusb - ok
22:06:09.0500 3384 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:06:09.0500 3384 Fastfat - ok
22:06:09.0562 3384 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:06:09.0562 3384 Fdc - ok
22:06:09.0562 3384 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:06:09.0562 3384 Fips - ok
22:06:09.0578 3384 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:06:09.0578 3384 Flpydisk - ok
22:06:09.0593 3384 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:06:09.0593 3384 FltMgr - ok
22:06:09.0609 3384 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:06:09.0609 3384 Fs_Rec - ok
22:06:09.0625 3384 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:06:09.0625 3384 Ftdisk - ok
22:06:09.0656 3384 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:06:09.0656 3384 Gpc - ok
22:06:09.0671 3384 HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
22:06:09.0671 3384 HBtnKey - ok
22:06:09.0796 3384 HdAudAddService (bb42bb78bbbc1e83292ef26973598daf) C:\WINDOWS\system32\drivers\CHDAud.sys
22:06:09.0796 3384 HdAudAddService - ok
22:06:09.0859 3384 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:06:09.0859 3384 HDAudBus - ok
22:06:09.0937 3384 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:06:09.0937 3384 HidUsb - ok
22:06:10.0000 3384 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
22:06:10.0000 3384 hpn - ok
22:06:10.0062 3384 HSFHWAZL (89e256c5f5346be265d9f86ac8625d4f) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
22:06:10.0062 3384 HSFHWAZL - ok
22:06:10.0171 3384 HSF_DPV (0e44af3828111d4c3e73c33ac95226d8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
22:06:10.0187 3384 HSF_DPV - ok
22:06:10.0218 3384 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
22:06:10.0218 3384 HTTP - ok
22:06:10.0265 3384 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
22:06:10.0265 3384 i2omgmt - ok
22:06:10.0296 3384 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:06:10.0296 3384 i2omp - ok
22:06:10.0328 3384 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:06:10.0328 3384 i8042prt - ok
22:06:10.0375 3384 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
22:06:10.0390 3384 ialm - ok
22:06:10.0500 3384 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
22:06:10.0500 3384 iaStor - ok
22:06:10.0531 3384 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:06:10.0531 3384 Imapi - ok
22:06:10.0578 3384 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:06:10.0578 3384 ini910u - ok
22:06:10.0671 3384 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:06:10.0671 3384 IntelIde - ok
22:06:10.0734 3384 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:06:10.0734 3384 intelppm - ok
22:06:10.0781 3384 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:06:10.0796 3384 Ip6Fw - ok
22:06:10.0843 3384 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:06:10.0843 3384 IpFilterDriver - ok
22:06:10.0921 3384 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:06:10.0921 3384 IpInIp - ok
22:06:10.0953 3384 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:06:10.0953 3384 IpNat - ok
22:06:11.0046 3384 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:06:11.0046 3384 IPSec - ok
22:06:11.0078 3384 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:06:11.0078 3384 IRENUM - ok
22:06:11.0109 3384 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:06:11.0109 3384 isapnp - ok
22:06:11.0140 3384 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:06:11.0140 3384 Kbdclass - ok
22:06:11.0156 3384 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:06:11.0156 3384 kbdhid - ok
22:06:11.0187 3384 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:06:11.0187 3384 kmixer - ok
22:06:11.0218 3384 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:06:11.0218 3384 KSecDD - ok
22:06:11.0281 3384 lbrtfdc - ok
22:06:11.0343 3384 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
22:06:11.0343 3384 MBAMProtector - ok
22:06:11.0406 3384 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:06:11.0406 3384 mdmxsdk - ok
22:06:11.0515 3384 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
22:06:11.0515 3384 MHNDRV - ok
22:06:11.0562 3384 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:06:11.0562 3384 mnmdd - ok
22:06:11.0640 3384 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:06:11.0640 3384 Modem - ok
22:06:11.0671 3384 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:06:11.0671 3384 Mouclass - ok
22:06:11.0718 3384 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:06:11.0718 3384 MountMgr - ok
22:06:11.0796 3384 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys
22:06:11.0796 3384 MQAC - ok
22:06:11.0906 3384 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:06:11.0906 3384 mraid35x - ok
22:06:11.0921 3384 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:06:11.0921 3384 MRxDAV - ok
22:06:11.0968 3384 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:06:11.0984 3384 MRxSmb - ok
22:06:12.0000 3384 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:06:12.0000 3384 Msfs - ok
22:06:12.0015 3384 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:06:12.0031 3384 MSKSSRV - ok
22:06:12.0046 3384 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:06:12.0046 3384 MSPCLOCK - ok
22:06:12.0078 3384 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:06:12.0078 3384 MSPQM - ok
22:06:12.0140 3384 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:06:12.0140 3384 mssmbios - ok
22:06:12.0156 3384 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
22:06:12.0156 3384 Mup - ok
22:06:12.0187 3384 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:06:12.0203 3384 NDIS - ok
22:06:12.0218 3384 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:06:12.0218 3384 NdisTapi - ok
22:06:12.0234 3384 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:06:12.0250 3384 Ndisuio - ok
22:06:12.0328 3384 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:06:12.0343 3384 NdisWan - ok
22:06:12.0390 3384 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
22:06:12.0406 3384 NDProxy - ok
22:06:12.0484 3384 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:06:12.0484 3384 NetBIOS - ok
22:06:12.0859 3384 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:06:12.0859 3384 NetBT - ok
22:06:13.0156 3384 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:06:13.0156 3384 NIC1394 - ok
22:06:13.0234 3384 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:06:13.0234 3384 Npfs - ok
22:06:13.0312 3384 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:06:13.0312 3384 Ntfs - ok
22:06:13.0375 3384 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:06:13.0375 3384 Null - ok
22:06:13.0406 3384 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:06:13.0406 3384 NwlnkFlt - ok
22:06:13.0453 3384 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:06:13.0453 3384 NwlnkFwd - ok
22:06:13.0468 3384 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:06:13.0468 3384 ohci1394 - ok
22:06:13.0500 3384 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
22:06:13.0500 3384 Parport - ok
22:06:13.0515 3384 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:06:13.0515 3384 PartMgr - ok
22:06:13.0531 3384 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:06:13.0546 3384 ParVdm - ok
22:06:13.0593 3384 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:06:13.0593 3384 PCI - ok
22:06:13.0625 3384 PCIDump - ok
22:06:13.0656 3384 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:06:13.0656 3384 PCIIde - ok
22:06:13.0734 3384 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:06:13.0734 3384 Pcmcia - ok
22:06:13.0765 3384 PDCOMP - ok
22:06:13.0796 3384 PDFRAME - ok
22:06:13.0859 3384 PDRELI - ok
22:06:13.0890 3384 PDRFRAME - ok
22:06:13.0984 3384 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
22:06:13.0984 3384 perc2 - ok
22:06:14.0031 3384 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:06:14.0031 3384 perc2hib - ok
22:06:14.0093 3384 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:06:14.0093 3384 PptpMiniport - ok
22:06:14.0109 3384 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:06:14.0109 3384 PSched - ok
22:06:14.0125 3384 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:06:14.0125 3384 Ptilink - ok
22:06:14.0140 3384 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:06:14.0140 3384 PxHelp20 - ok
22:06:14.0171 3384 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:06:14.0171 3384 ql1080 - ok
22:06:14.0171 3384 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:06:14.0171 3384 Ql10wnt - ok
22:06:14.0187 3384 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:06:14.0187 3384 ql12160 - ok
22:06:14.0203 3384 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:06:14.0203 3384 ql1240 - ok
22:06:14.0218 3384 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:06:14.0218 3384 ql1280 - ok
22:06:14.0250 3384 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:06:14.0250 3384 RasAcd - ok
22:06:14.0312 3384 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:06:14.0312 3384 Rasl2tp - ok
22:06:14.0328 3384 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:06:14.0328 3384 RasPppoe - ok
22:06:14.0343 3384 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:06:14.0343 3384 Raspti - ok
22:06:14.0359 3384 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:06:14.0375 3384 Rdbss - ok
22:06:14.0375 3384 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:06:14.0375 3384 RDPCDD - ok
22:06:14.0406 3384 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:06:14.0406 3384 rdpdr - ok
22:06:14.0421 3384 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
22:06:14.0437 3384 RDPWD - ok
22:06:14.0531 3384 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:06:14.0531 3384 redbook - ok
22:06:14.0625 3384 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
22:06:14.0625 3384 RMCAST - ok
22:06:14.0671 3384 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
22:06:14.0671 3384 rtl8139 - ok
22:06:14.0765 3384 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
22:06:14.0765 3384 sdbus - ok
22:06:14.0812 3384 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:06:14.0812 3384 Secdrv - ok
22:06:14.0843 3384 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
22:06:14.0843 3384 Serial - ok
22:06:14.0875 3384 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:06:14.0875 3384 Sfloppy - ok
22:06:14.0937 3384 Simbad - ok
22:06:15.0000 3384 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:06:15.0000 3384 sisagp - ok
22:06:15.0062 3384 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:06:15.0062 3384 Sparrow - ok
22:06:15.0140 3384 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:06:15.0140 3384 splitter - ok
22:06:15.0218 3384 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:06:15.0218 3384 sr - ok
22:06:15.0265 3384 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
22:06:15.0265 3384 Srv - ok
22:06:15.0312 3384 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:06:15.0312 3384 swenum - ok
22:06:15.0343 3384 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:06:15.0343 3384 swmidi - ok
22:06:15.0375 3384 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
22:06:15.0375 3384 symc810 - ok
22:06:15.0406 3384 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:06:15.0406 3384 symc8xx - ok
22:06:15.0437 3384 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:06:15.0437 3384 sym_hi - ok
22:06:15.0500 3384 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:06:15.0500 3384 sym_u3 - ok
22:06:15.0531 3384 SynTP (c9a1785cc0d7a040dd0fdbfeaa8be135) C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:06:15.0531 3384 SynTP - ok
22:06:15.0593 3384 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:06:15.0593 3384 sysaudio - ok
22:06:15.0687 3384 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:06:15.0687 3384 Tcpip - ok
22:06:15.0718 3384 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:06:15.0718 3384 TDPIPE - ok
22:06:15.0765 3384 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:06:15.0765 3384 TDTCP - ok
22:06:15.0796 3384 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:06:15.0796 3384 TermDD - ok
22:06:15.0843 3384 tifm21 (9179e07503630d6fb2e4162ff0196191) C:\WINDOWS\system32\drivers\tifm21.sys
22:06:15.0843 3384 tifm21 - ok
22:06:15.0890 3384 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
22:06:15.0890 3384 TosIde - ok
22:06:15.0937 3384 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:06:15.0937 3384 Udfs - ok
22:06:15.0953 3384 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
22:06:15.0953 3384 ultra - ok
22:06:16.0000 3384 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:06:16.0000 3384 Update - ok
22:06:16.0109 3384 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:06:16.0109 3384 usbccgp - ok
22:06:16.0125 3384 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:06:16.0125 3384 usbehci - ok
22:06:16.0171 3384 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:06:16.0171 3384 usbhub - ok
22:06:16.0250 3384 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:06:16.0250 3384 usbprint - ok
22:06:16.0296 3384 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:06:16.0296 3384 USBSTOR - ok
22:06:16.0343 3384 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:06:16.0343 3384 usbuhci - ok
22:06:16.0375 3384 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:06:16.0375 3384 VgaSave - ok
22:06:16.0437 3384 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:06:16.0437 3384 viaagp - ok
22:06:16.0531 3384 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:06:16.0531 3384 ViaIde - ok
22:06:16.0593 3384 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:06:16.0593 3384 VolSnap - ok
22:06:16.0718 3384 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\WINDOWS\system32\DRIVERS\w39n51.sys
22:06:16.0734 3384 w39n51 - ok
22:06:16.0796 3384 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:06:16.0796 3384 Wanarp - ok
22:06:16.0828 3384 WDICA - ok
22:06:16.0875 3384 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:06:16.0875 3384 wdmaud - ok
22:06:16.0968 3384 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:06:16.0968 3384 winachsf - ok
22:06:17.0093 3384 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:06:17.0093 3384 WmiAcpi - ok
22:06:17.0171 3384 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
22:06:17.0171 3384 WpdUsb - ok
22:06:17.0250 3384 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:06:17.0250 3384 WudfPf - ok
22:06:17.0312 3384 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:06:17.0328 3384 WudfRd - ok
22:06:17.0375 3384 MBR (0x1B8) (5ae5a393505cffd37fe98c4a7922908d) \Device\Harddisk0\DR0
22:06:17.0375 3384 \Device\Harddisk0\DR0 - ok
22:06:17.0390 3384 Boot (0x1200) (53926d7c71b43117a9f968a24f5fba0d) \Device\Harddisk0\DR0\Partition0
22:06:17.0390 3384 \Device\Harddisk0\DR0\Partition0 - ok
22:06:17.0421 3384 Boot (0x1200) (9d30dc68a9a6239fda2912fdb8e6ce1c) \Device\Harddisk0\DR0\Partition1
22:06:17.0421 3384 \Device\Harddisk0\DR0\Partition1 - ok
22:06:17.0421 3384 ============================================================
22:06:17.0421 3384 Scan finished
22:06:17.0421 3384 ============================================================
22:06:17.0437 3176 Detected object count: 0
22:06:17.0437 3176 Actual detected object count: 0




aswMBR log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-26 22:09:20
-----------------------------
22:09:20.718 OS Version: Windows 5.1.2600 Service Pack 3
22:09:20.718 Number of processors: 2 586 0xE08
22:09:20.718 ComputerName: PC139818592325 UserName: Mike Pizzo
22:09:22.031 Initialize success
22:13:00.500 AVAST engine defs: 11092601
22:13:18.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:13:18.796 Disk 0 Vendor: Size: 0MB BusType: 0
22:13:18.812 Disk 0 MBR read successfully
22:13:18.828 Disk 0 MBR scan
22:13:18.890 Disk 0 unknown MBR code
22:13:18.906 Disk 0 MBR hidden
22:13:18.953 Disk 0 scanning C:\WINDOWS\system32\drivers
22:13:30.359 Service scanning
22:13:31.531 Modules scanning
22:13:35.812 Scan finished successfully
22:13:46.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mike Pizzo\Desktop\MBR.dat"
22:13:46.046 The log file has been saved successfully to "C:\Documents and Settings\Mike Pizzo\Desktop\aswMBR.txt"

#4
RKinner (Malware Expert)
Delete this file:

C:\WINDOWS\possiblebadfile:3478076813.exe

(You will just see it as:
C:\WINDOWS\possiblebadfile )

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes, tell me what they are. If you get a lot, just look for those with newish dates (since about the time the problem started).


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

5. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#5
RealBlasty (New Member, Topic Starter)
Deleted that file... tried to run that program and it got me to a point where it says it found a non-standard or infected MBR and wants me to hit Y and Enter for more options or N to exit. What should I do next?


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 142):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF79E7000 \WINDOWS\system32\KDCOM.DLL
0xF78F7000 \WINDOWS\system32\BOOTVID.dll
0xF73B8000 ACPI.sys
0xF79E9000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF73A7000 pci.sys
0xF74E7000 isapnp.sys
0xF74F7000 ohci1394.sys
0xF7507000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF78FB000 compbatt.sys
0xF78FF000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7AAF000 pciide.sys
0xF7767000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF79EB000 intelide.sys
0xF79ED000 viaide.sys
0xF79EF000 aliide.sys
0xF7389000 pcmcia.sys
0xF7517000 MountMgr.sys
0xF736A000 ftdisk.sys
0xF79F1000 dmload.sys
0xF7344000 dmio.sys
0xF7903000 ACPIEC.sys
0xF7AB0000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF776F000 PartMgr.sys
0xF7527000 VolSnap.sys
0xF732C000 atapi.sys
0xF7256000 iaStor.sys
0xF7537000 disk.sys
0xF7547000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7236000 fltmgr.sys
0xF7224000 sr.sys
0xF7557000 PxHelp20.sys
0xF720D000 KSecDD.sys
0xF71FA000 WudfPf.sys
0xF716D000 Ntfs.sys
0xF7140000 NDIS.sys
0xF7567000 Serial.sys
0xF7577000 Combo-Fix.sys
0xF7126000 Mup.sys
0xF7597000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBAFAC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF75A7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA959000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0xF75B7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7857000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA955000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA830000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xBA81C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA7F4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA697000 \SystemRoot\system32\DRIVERS\w39n51.sys
0xF785F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xBA673000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7867000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA64B000 \SystemRoot\system32\drivers\tifm21.sys
0xBA637000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xBA610000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF75C7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF786F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA5E0000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7A2B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7877000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF75D7000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF75E7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF75F7000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA5BD000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7B56000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7607000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF79A7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xBA5A6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7617000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7627000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7887000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBA595000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7637000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF788F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7897000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA565000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7647000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A2D000 \SystemRoot\system32\DRIVERS\swenum.sys
0xBA507000 \SystemRoot\system32\DRIVERS\update.sys
0xF79C7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF79CB000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBAA3C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA7B36000 \SystemRoot\system32\drivers\CHDAud.sys
0xA7B12000 \SystemRoot\system32\drivers\portcls.sys
0xF7747000 \SystemRoot\system32\drivers\drmk.sys
0xA7AE0000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xA79E3000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xA7850000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF77AF000 \SystemRoot\System32\Drivers\Modem.SYS
0xA663D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xA5D0B000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA58E4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xA6170000 \SystemRoot\System32\Drivers\Null.SYS
0xA58E2000 \SystemRoot\System32\Drivers\Beep.SYS
0xA6992000 \SystemRoot\System32\drivers\vga.sys
0xA58E0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xA58DE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA64F5000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA5310000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA5D07000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA4EA0000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA4E47000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA4E1F000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA4DF9000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA4DD7000 \SystemRoot\System32\drivers\afd.sys
0xA5822000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA5812000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA58DC000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
0xA4DAC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA5802000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA4D3C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA57F2000 \SystemRoot\System32\Drivers\Fips.SYS
0xA52F8000 \SystemRoot\System32\Drivers\ASPI32.SYS
0x9E1CD000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x9E0F7000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xBAFB4000 \SystemRoot\System32\drivers\Dxapi.sys
0xF787F000 \SystemRoot\System32\watchdog.sys
0xBF9C3000 \SystemRoot\System32\drivers\dxg.sys
0x9E413000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9E4000 \SystemRoot\System32\ialmdnt5.dll
0xBF9D5000 \SystemRoot\System32\ialmrnt5.dll
0xBFA06000 \SystemRoot\System32\ialmdev5.DLL
0xBFA41000 \SystemRoot\System32\ialmdd5.DLL
0x9F725000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0x9F719000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9E0A2000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9DFE9000 \SystemRoot\System32\Drivers\HTTP.sys
0x9DF6F000 \SystemRoot\system32\DRIVERS\srv.sys
0xA6423000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9DF30000 \??\C:\WINDOWS\system32\drivers\mqac.sys
0x9DED6000 \??\C:\WINDOWS\system32\drivers\RMCast.sys
0x9DAD9000 \SystemRoot\system32\drivers\wdmaud.sys
0x9DC2E000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA9FC000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA508E000 \??\C:\ComboFix\catchme.sys
0xF7A6B000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0x9E82E000 \??\C:\DOCUME~1\MIKEPI~1\LOCALS~1\Temp\aswMBR.sys
0x9C90F000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 68):
0 System Idle Process
4 System
840 C:\WINDOWS\system32\smss.exe
892 csrss.exe
920 C:\WINDOWS\system32\winlogon.exe
964 C:\WINDOWS\system32\services.exe
976 C:\WINDOWS\system32\lsass.exe
1148 C:\WINDOWS\system32\svchost.exe
1256 svchost.exe
1420 C:\WINDOWS\system32\svchost.exe
1452 C:\WINDOWS\system32\svchost.exe
1568 svchost.exe
1724 svchost.exe
1972 C:\WINDOWS\system32\spoolsv.exe
488 svchost.exe
560 msdtc.exe
632 C:\WINDOWS\ehome\ehRecvr.exe
648 C:\WINDOWS\ehome\ehSched.exe
728 C:\Program Files\Java\jre6\bin\jqs.exe
808 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
868 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
148 C:\WINDOWS\system32\HPZipm12.exe
1156 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1444 svchost.exe
1244 C:\Program Files\Vongo\VongoService.exe
1824 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1916 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
2028 mcrdsvc.exe
248 C:\WINDOWS\system32\mqsvc.exe
1268 C:\WINDOWS\system32\mqtgsvc.exe
1588 C:\WINDOWS\system32\dllhost.exe
1880 alg.exe
2216 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3124 C:\WINDOWS\system32\wscntfy.exe
4068 C:\WINDOWS\system32\wuauclt.exe
3220 C:\WINDOWS\ehome\ehtray.exe
3396 C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
3408 C:\WINDOWS\system32\igfxtray.exe
3444 C:\WINDOWS\ehome\ehmsas.exe
3440 C:\WINDOWS\system32\hkcmd.exe
3472 C:\WINDOWS\system32\igfxpers.exe
3548 wmiprvse.exe
3296 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3664 C:\WINDOWS\system32\svchost.exe
1280 C:\Program Files\Hp\QuickPlay\QPService.exe
3872 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
4016 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
256 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
220 C:\Program Files\Winamp\winampa.exe
1676 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
1652 C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
2260 C:\Program Files\Common Files\Java\Java Update\jusched.exe
836 C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
2272 C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
2392 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
1440 C:\Documents and Settings\Mike Pizzo\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
756 C:\Program Files\Vongo\Tray.exe
2820 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
576 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
3224 C:\Program Files\Hp\Digital Imaging\bin\hpqimzone.exe
2248 C:\WINDOWS\explorer.exe
500 C:\Program Files\Internet Explorer\iexplore.exe
2684 C:\Program Files\Internet Explorer\iexplore.exe
2452 C:\WINDOWS\system32\ctfmon.exe
3388 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
1476 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
3140 C:\Program Files\Internet Explorer\iexplore.exe
3544 C:\Documents and Settings\Mike Pizzo\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000018`3a575600 (FAT32)

PhysicalDrive0 Model Number: FUJITSUMHV2120BHPL, Rev: 892C

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D0919EC9044E217466E4B6B4F0D4E99E29BDE3F9


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
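
The MBRCheck report above lists each volume's byte offset on PhysicalDrive0 and a SHA1 of the MBR with the verdict "Unknown MBR code". As an added example (not MBRCheck's, aswMBR's or TDSSKiller's own code), the Python below parses a constructed 512-byte MBR laid out like this disk (NTFS at LBA 63, FAT32 at LBA 203238315), derives those same offsets from the partition table, and hashes the 0x1B8-byte code area against an allow-list. The 440-byte code length follows the TDSSKiller "MBR (0x1B8)" line; the boot-code bytes, disk signature and the known-good hash set are constructed placeholders, since the page gives no reference values.

```python
import hashlib
import struct

SECTOR = 512
CODE_LEN = 0x1B8             # bytes 0..0x1B7 hold the boot code (440 bytes)
DISK_SIG_OFF = 0x1B8         # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries follow
MBR_SIGNATURE = b"\x55\xAA"  # bytes 510..511 of every valid MBR

# Partition type bytes used on the page's disk; anything else is shown as hex.
PART_TYPES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)"}


def parse_mbr(sector):
    """Split a 512-byte MBR into its code area, disk signature and partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly one %d-byte sector" % SECTOR)
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA signature: not a valid MBR")
    code = sector[:CODE_LEN]
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    partitions = []
    for slot in range(4):
        off = PART_TABLE_OFF + 16 * slot
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:  # empty slot
            continue
        partitions.append({
            "slot": slot,
            "bootable": bool(status & 0x80),
            "type": PART_TYPES.get(ptype, "0x%02X" % ptype),
            "lba_start": lba_start,
            "offset": lba_start * SECTOR,  # the per-volume offset MBRCheck prints
            "size_bytes": count * SECTOR,
        })
    return {
        "code_sha1": hashlib.sha1(code).hexdigest().upper(),
        "disk_signature": disk_sig,
        "partitions": partitions,
    }


def check_mbr(sector, known_good_sha1s):
    """Compare the code-area hash with an allow-list; code not on it is reported, not trusted."""
    info = parse_mbr(sector)
    verdict = "ok" if info["code_sha1"] in known_good_sha1s else "Unknown MBR code"
    return verdict, info


def build_sample_mbr():
    """Constructed sample MBR (not read from any real disk).

    Layout mirrors the MBRCheck report: a bootable NTFS partition at LBA 63 and a
    FAT32 partition at LBA 203238315, so the derived offsets are 0x7E00 and
    0x183A575600. The boot code is a stub, not real boot code.
    """
    # xor ax,ax ; mov ss,ax ; mov sp,7C00h ; then NOP padding to 440 bytes
    code = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (CODE_LEN - 7)
    sig_area = struct.pack("<IH", 0x1234ABCD, 0)  # constructed disk signature + reserved
    entries = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 203238252)         # C: bootable NTFS
    entries += struct.pack("<B3xB3xII", 0x00, 0x0B, 203238315, 29045432)  # D: FAT32
    entries += b"\x00" * 32                                               # two unused slots
    sector = code + sig_area + entries + MBR_SIGNATURE
    assert len(sector) == SECTOR
    return sector


if __name__ == "__main__":
    sample = build_sample_mbr()
    # Empty allow-list: the page gives no reference hashes, so this reports "Unknown MBR code".
    verdict, info = check_mbr(sample, known_good_sha1s=set())
    print("MBR code SHA1: %s -> %s" % (info["code_sha1"], verdict))
    for p in info["partitions"]:
        print("slot %d %-12s LBA %-10d offset 0x%016X %s" % (
            p["slot"], p["type"], p["lba_start"], p["offset"],
            "(boot)" if p["bootable"] else ""))
```

On a real machine the sector would come from reading the first 512 bytes of the physical drive, and the allow-list from hashes of boot code you have verified yourself; an "Unknown MBR code" verdict alone means only that the code is not on the list.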

#6
RKinner (Malware Expert)
Close the mbrcheck program and go on with the rest.

#7
RealBlasty (New Member, Topic Starter)
OK, I did the disk check... took a couple of hours.

After doing the sigverif I had 3 results:

acfpdf.txt
acpdf250.dll
acpdfui250.dll




Vino's Event Viewer v01c run on Windows XP in English
Report run at 27/09/2011 12:15:00 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Vino's Event Viewer v01c run on Windows XP in English
Report run at 27/09/2011 12:14:04 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/09/2011 10:47:59 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user PC139818592325\Mike Pizzo registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

#8
RKinner

    Malware Expert

The three files are harmless.

The only error I see can be fixed by uphclean:

To use the Microsoft User Profile Hive Cleanup Service (UPHClean), follow these steps:

# Download UPHClean. To download and install UPHClean, visit the following Microsoft Web site:
http://www.microsoft...70-42470E2F3582
You will be prompted to validate your copy of Windows.
# As soon as you have downloaded the UPHClean installer (UPHClean-Setup.msi), double-click the installer to begin the installation.
# In the User Profile Hive Cleanup Service installation wizard, click Next.
# In the License Agreement page, read the license agreement, select I Agree, and then click Next.
# In the Select Installation Folder page, click Next.
# In the Confirm Installation page, click Next.
# When UPHClean is installed, click Close.

How is it running now?

Ron

#9
RealBlasty

    New Member, Topic Starter

It seems to be running normally again. No more redirects...no more slowdown.

I got a little nervous when ComboFix said ZeroAccess had inserted itself into the TCP/IP stack and that it was a particularly difficult infection, or something along those lines... but it appears to have done the trick.


Thank you so much for your help, Ron.


-Mike

#10
RKinner

    Malware Expert

Why don't you run ComboFix again and see if it still has any complaints. If not, then I think we are done and we can clean up.

We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall ComboFix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button, and shut down My Computer.

You probably do not have the latest Java (Java™ 6 Update 27 or 7 update 0). Get the latest at:
http://www.java.com/en/

Save it to your PC, then close all browsers and install it. Note on Java and Firefox: for some reason Java does not remove old consoles from Firefox. Any time you update Java you should go to Firefox, Add-ons, Extensions and disable any old Java Consoles.

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extensions you should run SpeedyFox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use, like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK, close the program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download betas, and if there is a program you don't use you can just uninstall it rather than update it. You can right-click on the UpdateChecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)

If you use Firefox or Chrome then get the AdBlock Plus add-on. WOT (Web of Trust) is another you might want to try.

The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading, make sure it only has the current Java add-on. Then download and run SpeedyFox:
http://www.crystalidea.com/speedyfox
Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: if you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron

#11
RealBlasty

    New Member, Topic Starter

Bad news, Ron... it came back.

I didn't see your last post because I thought my problem was solved...

So today I was browsing on a totally harmless, mainstream site... and suddenly my PC starts installing this program called OpenCloud Security, which was obvious malware, and it started acting like it was running a virus scan. So I re-ran ComboFix and again it detected the ZeroAccess rootkit... what worries me THIS time is that even AFTER running ComboFix (while it still said it was preparing the log) the OpenCloud program popped up and started running. I deleted the OpenCloud icon from the desktop, but I'm sure that didn't really do much. So I know that even after running ComboFix it's probably still there. Here's my newest ComboFix log:


ComboFix 11-09-24.04 - Mike Pizzo 09/29/2011 9:48.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.654 [GMT -5:00]
Running from: c:\documents and settings\Mike Pizzo\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mike Pizzo\Application Data\44E2.752
c:\documents and settings\Mike Pizzo\Application Data\dwm.exe
c:\documents and settings\Mike Pizzo\Application Data\Microsoft\conhost.exe
c:\documents and settings\Mike Pizzo\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Mike Pizzo\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse
c:\documents and settings\Mike Pizzo\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.a935d1e0.ini
c:\documents and settings\Mike Pizzo\Start Menu\Programs\OpenCloud Security
c:\documents and settings\Mike Pizzo\Start Menu\Programs\OpenCloud Security\OpenCloud Security.lnk
c:\windows\$NtUninstallKB3389$\684868356
c:\windows\$NtUninstallKB3389$\816890482\@
c:\windows\$NtUninstallKB3389$\816890482\bckfg.tmp
c:\windows\$NtUninstallKB3389$\816890482\cfg.ini
c:\windows\$NtUninstallKB3389$\816890482\Desktop.ini
c:\windows\$NtUninstallKB3389$\816890482\kwrd.dll
c:\windows\$NtUninstallKB3389$\816890482\L\pzofaiii
c:\windows\$NtUninstallKB3389$\816890482\lsflt7.ver
c:\windows\$NtUninstallKB3389$\816890482\U\[email protected]
c:\windows\$NtUninstallKB3389$\816890482\U\[email protected]
c:\windows\$NtUninstallKB3389$\816890482\U\[email protected]
c:\windows\$NtUninstallKB3389$\816890482\U\[email protected]
c:\windows\$NtUninstallKB3389$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_30b0c272
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-29 )))))))))))))))))))))))))))))))
.
.
2011-09-29 16:13 . 2011-09-29 16:13 -------- d-----w- c:\documents and settings\Mike Pizzo\Application Data\qTZqjYCwkVzN
2011-09-29 16:13 . 2011-09-29 16:13 -------- d-----w- c:\documents and settings\Mike Pizzo\Application Data\kcA1uvD2oFpHsJ
2011-09-29 16:12 . 2011-09-29 16:13 -------- d-----w- c:\documents and settings\Mike Pizzo\Local Settings\Application Data\ApplicationHistory
2011-09-29 14:33 . 2011-09-29 14:33 -------- d-----w- c:\documents and settings\Mike Pizzo\Application Data\qgRZqhYXwUrO
2011-09-29 14:33 . 2011-09-29 14:33 -------- d-----w- c:\documents and settings\Mike Pizzo\Application Data\eibD3pnG4Q6
2011-09-29 14:31 . 2011-09-29 14:31 -------- d-----w- c:\documents and settings\Mike Pizzo\Application Data\s888gRZZqhX
2011-09-29 14:31 . 2011-09-29 14:31 -------- d-----w- c:\documents and settings\Mike Pizzo\Application Data\OwwkkUVrlOBtP0c
2011-09-29 14:31 . 2011-09-29 14:31 2426368 ----a-w- c:\windows\system32\nnnGG4amH6sW7fL.exe
2011-09-29 14:31 . 2011-09-29 14:31 -------- d-----w- c:\documents and settings\Mike Pizzo\Application Data\c0yycSS1ivDo
2011-09-29 03:39 . 2011-09-29 14:37 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-26 03:29 . 2011-09-26 03:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2011-09-25 18:45 . 2011-09-25 18:45 -------- d-----w- c:\program files\MSN Toolbar
2011-09-25 18:41 . 2011-09-25 18:41 -------- d-----w- c:\program files\Unlocker
2011-09-25 18:29 . 2011-09-25 18:29 -------- d--h--w- c:\windows\PIF
2011-09-25 01:24 . 2011-09-25 01:24 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-25 01:23 . 2011-09-27 15:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-22 20:19 . 2011-09-25 01:23 -------- d-----w- c:\documents and settings\Mike Pizzo\Application Data\vlc
2011-09-22 20:17 . 2011-09-22 20:17 -------- d-----w- c:\program files\VideoLAN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 22:00 . 2010-02-16 22:51 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( [email protected]_02.54.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-29 15:04 . 2011-09-29 15:04 16384 c:\windows\temp\Perflib_Perfdata_2a0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-20 583016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"rggTXXqjYCek8234A"="c:\windows\system32\nnnGG4amH6sW7fL.exe" [2011-09-29 2426368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-09-29 9347072]
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-3-14 73728]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-3-14 73728]
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-3-14 73728]
.
c:\documents and settings\Mike Pizzo\Start Menu\Programs\Startup\
MLB.TV NexDef Plug-in.lnk - c:\documents and settings\Mike Pizzo\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe [2009-4-1 801032]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-3-14 73728]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-3-14 73728]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Mike Pizzo\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/16/2010 5:51 PM 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/16/2010 5:51 PM 22216]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [4/23/2009 8:45 PM 16512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3013578041-3076308925-2894320300-1005Core.job
- c:\documents and settings\Mike Pizzo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-13 05:29]
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3013578041-3076308925-2894320300-1005UA.job
- c:\documents and settings\Mike Pizzo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-13 05:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sports.yahoo.com/fantasy
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:64848
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
FF - ProfilePath - c:\documents and settings\Mike Pizzo\Application Data\Mozilla\Firefox\Profiles\u4ivvbs4.default\
FF - prefs.js: browser.startup.homepage - pof.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64848
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected]n.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Mike Pizzo\Application Data\Move Networks
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-29 11:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? [email protected][email protected]? ??? R??????([email protected][email protected]
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2652)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msdtc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Vongo\VongoService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2011-09-29 11:19:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-29 16:18
ComboFix2.txt 2011-09-27 03:01
.
Pre-Run: 9,166,524,416 bytes free
Post-Run: 9,977,782,272 bytes free
.
- - End Of File - - 234E8482B90AF4398FBAB5CF09DC3EA9

#12
RealBlasty

    New Member, Topic Starter

OK, I just followed the instructions on BleepingComputer to remove OpenCloud (rkill and then MBAM) and I think MBAM has removed it... I wanted to post the MBAM log for you to review as well.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7828

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

9/29/2011 11:50:56 AM
mbam-log-2011-09-29 (11-50-56).txt

Scan type: Quick scan
Objects scanned: 199785
Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{19090308-636D-4e9b-A1CE-A647B6F794BF} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19090308-636D-4E9B-A1CE-A647B6F794BF} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rggTXXqjYCek8234A (Backdoor.Bot) -> Value: rggTXXqjYCek8234A -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\nnngg4amh6sw7fl.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\mike pizzo\application data\zel8gtzqhckvlnx\sysl32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\mike pizzo\Desktop\opencloud security.lnk (Rogue.OpenCloudSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\mike pizzo\application data\ldr.ini (Malware.Trace) -> Quarantined and deleted successfully.

#13
RKinner

    Malware Expert

Use IE and go to http://eset.com/onlinescan and click on ESET Online Scanner. Accept the terms, then press Start (if you get a warning from your browser, tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\nnnGG4amH6sW7fL.exe
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3013578041-3076308925-2894320300-1005Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3013578041-3076308925-2894320300-1005UA.job

Folder::
c:\documents and settings\Mike Pizzo\Application Data\qTZqjYCwkVzN
c:\documents and settings\Mike Pizzo\Application Data\kcA1uvD2oFpHsJ
c:\documents and settings\Mike Pizzo\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Mike Pizzo\Application Data\qgRZqhYXwUrO
c:\documents and settings\Mike Pizzo\Application Data\eibD3pnG4Q6
c:\documents and settings\Mike Pizzo\Application Data\s888gRZZqhX
c:\documents and settings\Mike Pizzo\Application Data\OwwkkUVrlOBtP0c
c:\documents and settings\Mike Pizzo\Application Data\c0yycSS1ivDo

RootKit::
c:\windows\system32\nnnGG4amH6sW7fL.exe


******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, Save As (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to ComboFix and let go. ComboFix should start on its own.

Post the new log.

Then before you try any surfing, clean out system restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)


Install the free Avast:

http://www.avast.com...ivirus-download
Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron

PS: I am on a trip this week and may not always have Internet access, so replies may be delayed.